Local Privilege Escalation Vulnerability in Visual Studio Code by Microsoft
CVE-2026-47292

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Visual Studio Code - Mssql Extension
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-47292?

A vulnerability in Visual Studio Code allows unauthorized attackers to elevate privileges locally by exploiting the inclusion of functionality from an untrusted control sphere. This could potentially enable attackers to access sensitive data and perform unauthorized actions, posing a significant risk to system integrity.

Affected Version(s)

Visual Studio Code - MSSQL Extension 1.0.0 < 1.123.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-47292 Data

JSON